Microsoft now offers business associate agreements (BAAs) for Windows Azure Core Services under the Health Insurance Portability and Accountability Act (HIPAA), the company announced in a July 25 blog post.

Under the HIPAA Privacy rule, covered entities (a doctor, health insurance provider or health care clearinghouse) must include a BAA for documentation when seeking access to protected health information (PHI).

"Microsoft is really ready now to stand up and be the trusted steward for covered entities," Dr. Mohamed Ayad, industry technical solution specialist for U.S. Health & Life Sciences at Microsoft, told eWEEK.

"PHI can reside safely in a Microsoft data center; now, we're extending that to cover Azure as well," said Ayad.

PHI includes anything that would identify a patient, such as an electronic health record or medical claim, he explained.

"In the past, one of the major concerns with moving that information to the cloud was how do we secure that data and make sure it's safe," said Ayad. "Now, a provider can put that data in Azure Core Services and be sure it's in a HIPAA-secure environment."

In December, Microsoft announced that the Office 365 cloud office-productivity platform offers HIPAA-compliant capabilities for users, and earlier this year, it also introduced a BAA for its Dynamics customer-relationship management software.

Microsoft will offer BAAs in Azure for Web and worker roles in Cloud Services as well as tables, queues and binary large objects (BLOBs), which store unstructured data, such as video, audio and images.

Companies also can obtain BAAs for infrastructure as a service (IaaS) virtual machines and Windows Azure Connect, a machine-to-machine link between Azure and on-premises database servers and domain controllers.

With a BAA in place for Azure, health care organizations can now create a public cloud setup as well as a hybrid setup, in which they'd store data both in a public cloud and on-premises in a private cloud.

"Security and privacy is at the core of how we develop our software," said Ayad. "This is the next major milestone on our compliance road map." The security development lifecycle of Azure will map directly to HIPAA controls, he said.

Although Azure provides doctors, health plans and other "covered entities" with HIPAA compliance capabilities, organizations will still need to make sure their use of the platform complies with the regulations, according to Ayad.

"Covered entities understand that compliance will be on them," said Ayad. "We have to provide the tools to support the compliance."

Microsoft incorporated support for BAAs in Azure by tweaking existing security controls in the platform and by adding additional controls, the company reported.

The company developed the BAA for Azure in consultation with providers, government officials, academic medical centers and large health plans, according to Ayad.

"This is really an industry-developed business associate agreement to make sure that when we implemented these safeguards and we capped it off with the business associate agreement, it would be acceptable to the industry and allow them to be safe and secure," he said.

Editor's note: This story has been updated to clarify Windows Azure's capabilities in allowing users to become HIPAA-compliant.
